Nearly 25,000 public health organization employees had their email addresses and passwords exposed after they were dumped online. According to the SITE Intelligence Group, a U.S. – based hacker activist is the likely source of the Bill & Melinda Gates Foundation, Center for Disease Control and Prevention (CDC), National Institute of Health (NIH) and World Health Organization (WHO) employee information being exposed. CNET reported that the email addresses and passwords appear to have come from data that was breached and first posted on the internet in 2016. According to the Washington Post, the hacker was encouraging people to go into the emails of the respected agencies to “uncover” what was happening at the organizations in regards to COVID-19.

The leaked data was reported in April and is believed to have come from a larger set of breached information. Fortunately, the leaked password information only affected one system at WHO, an older extranet system. WHO has reported an increase in attempted hacks and has seen an increase in fraudulent emails sent by hackers posing as WHO employees. However, WHO has also reported that the increase in attacks has not been due to this data leak, particularly because old WHO employee information was exposed.

WHO said the following in a statement: “Ensuring the security of health information for Member States and the privacy of users interacting with us is a priority for WHO at all times, but also particularly during the COVID-19 pandemic. We are all in this fight together.”

The Gates Foundation reported that they do not currently have an indication of a data breach at their foundation. However, employees at the affected organizations should change their passwords and the passwords of any other accounts that have the same credentials. The WHO employee information being exposed is another reminder of the importance of using strong, unique passwords, and never using the same password across multiple accounts.

If someone believes they had their WHO or other organization’s employee information exposed, or is a victim of identity theft, they can live chat with an Identity Theft Resource Center expert advisor. They can also call toll-free at 888.400.5530. Advisors will help people create an action plan that is personalized to their set of circumstances.